1.创建keystore
注意生成名称或者姓氏,是该服务器的域名【IP】
shell
keytool -genkeypair -alias apacheds -keyalg RSA -validity 3650 -keystore apacheds.keystore2.导出证书
shell
keytool -export -alias apacheds -keystore apacheds.keystore -rfc -file apacheds.cer3.将证书导入到系统证书库,实现自认证,这里的密钥口令是默认的:changeit
shell
sudo keytool -import -file presto.cer -alias presto -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit- 删除已导入证书
shell
keytool -delete -alias presto -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit- 列举当前导入的证书
shell
keytool -list -keystore $JAVA_HOME/lib/security/cacerts -storepass changeitPresto 生成信任证书:
shell
keytool -delete -alias presto -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit
keytool -export -alias presto -keystore presto.keystore -rfc -file presto.cer
sudo keytool -import -file presto.cer -alias presto -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit
keytool -genkeypair -alias presto -keyalg RSA -keysize 2048 -validity 3650 \
-keystore presto.keystore -dname 'CN=localhost,OU=yiidata,O=yiidata,L=xi'an,ST=shannxi,C=CN'
keytool -list -rfc -keystore dataops.keystore | openssl x509 -inform pem -pubkey > dataops.pem
openssl x509 -inform pem -in dataops.cer -out dataops-p.crt